diff options
| author | van Hauser <vh@thc.org> | 2020-11-01 21:34:08 +0100 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2020-11-01 21:34:08 +0100 |
| commit | 0fd98ae8b070b05a72b2c47a76f4ea145f9d51c2 (patch) | |
| tree | 67b81c3ebc89ee3745edba2acd436908e3ca9b78 /include | |
| parent | a0c0cf97129cc42b98c3ac65aeb9c2ca81db899f (diff) | |
| download | afl++-0fd98ae8b070b05a72b2c47a76f4ea145f9d51c2.tar.gz | |
added mutation introspection make target
Diffstat (limited to 'include')
| -rw-r--r-- | include/afl-fuzz.h | 6 | ||||
| -rw-r--r-- | include/alloc-inl.h | 36 |
2 files changed, 42 insertions, 0 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 85b31795..5ff7672b 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -717,6 +717,12 @@ typedef struct afl_state { * is too large) */ struct queue_entry **q_testcase_cache; +#ifdef INTROSPECTION + char mutation[8072]; + char m_tmp[4096]; + FILE *introspection_file; +#endif + } afl_state_t; struct custom_mutator { diff --git a/include/alloc-inl.h b/include/alloc-inl.h index 36e47810..d7aa51a7 100644 --- a/include/alloc-inl.h +++ b/include/alloc-inl.h @@ -708,6 +708,42 @@ static inline void *afl_realloc(void **buf, size_t size_needed) { } +/* afl_realloc_exact uses afl alloc buffers but sets it to a specific size */ + +static inline void *afl_realloc_exact(void **buf, size_t size_needed) { + + struct afl_alloc_buf *new_buf = NULL; + + size_t current_size = 0; + + if (likely(*buf)) { + + /* the size is always stored at buf - 1*size_t */ + new_buf = (struct afl_alloc_buf *)afl_alloc_bufptr(*buf); + current_size = new_buf->complete_size; + + } + + size_needed += AFL_ALLOC_SIZE_OFFSET; + + /* No need to realloc */ + if (unlikely(current_size == size_needed)) { return *buf; } + + /* alloc */ + new_buf = (struct afl_alloc_buf *)realloc(new_buf, size_needed); + if (unlikely(!new_buf)) { + + *buf = NULL; + return NULL; + + } + + new_buf->complete_size = size_needed; + *buf = (void *)(new_buf->buf); + return *buf; + +} + static inline void afl_free(void *buf) { if (buf) { free(afl_alloc_bufptr(buf)); } |